Security and Pen-Testing

My personal recommendation of resources related to IT security and pen-testing

Posted July 17, 2021 by Adrian Wyssmann

Online Tools

Url Description
PayloadsAllTheThings A list of useful payloads and bypass for Web Application Security and Pentest/CTF
external-protocol-flooding Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing

Tools

Url Description
Depix Recovers passwords from pixelized screenshots
RedRabbit PowerShell script aimed at helping pentesters conduct ethical hacking #RedTeam. The aim is to highlight just how Powerful PowerShell is and how it can be used against you (Ethically)
social-analyzer API, CLI & Web App for analyzing & finding a person’s profile across social media \ websites (Detections are updated regularly)
cve-search cve-search - a tool to perform local searches for known vulnerabilities
Infection Monkey [Infection Monkey](Infection Monkey - An automated pentest tool ) - An automated pentest tool
SocialFish Educational Phishing Tool & Information Collector
bettercap The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks
mimikatz A little tool to play with Windows security, see also here

Resources

Url Description
KingOfBugBountyTips Share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters.
Incident-Playbook GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

Edit this page